Browser hijack + general destruction


  • This topic is locked
11 replies to this topic

#1 jangojangojango

jangojangojango

  • Members
  • 6 posts

Posted 11 May 2009 - 04:56 PM

Hi guys,

Been 'using' for years and never seen a problem as severe as this before. I've obviously been jacked, as my connection is going crazy - my computer is obviously talking to something somewhere in a frenzy. When I try to load a page it often tells me it can't.

When it does, I'll click a link from a Google search result page and it redirects me to <http://awebview.com>, which then forwards me to another bulls*it search engine... funnily enough it stores my original search made in Google and then tries to search for that term in <http://www.britanniasearch.co.uk/>, for example.

Crazy scary stuff from my perspective. I've spent a week using at first my trusted tools of adwords and Spybot, then Malwarebytes' Anti-Malware, and then heard about HijackThis.

Can't get rid of it and, although no newbie, I can not read the output log file like some of you might.

Please help.

Many many thanks in advance
(PS looks like sabrams ( http://www.bleepingcomputer.com/forums/lof...hp/t225988.html ) might be having a similar issue to me...)

Here's the log:
----------------------------------------------------------------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:20, on 11/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Apps\ActivBoard\OSD.exe
C:\Documents and Settings\all things spice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\DL32.exe
C:\Program Files\Extensis\Suitcase\Suitcase.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - (no file)
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {90a586e8-fe07-41b3-b5d0-547ecb72a0cd} - (no file)
O2 - BHO: (no name) - {915560c0-661c-4b73-a4ff-62a63e64bd52} - (no file)
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {c2ba40a1-74f3-42bd-f434-12345a2c8953} - (no file)
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\all things spice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [DL32] DL32
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Suitcase Startup.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0512d8eb1556af...ip/RdxIE601.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: sysdiag.dll, gaujkn.dll C:\WINDOWS\system32\pubapelu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Netbios Helper Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\service.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 13381 bytes

Edited by Orange Blossom, 11 May 2009 - 09:16 PM.
Deactivate links. ~ OB



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 12 May 2009 - 05:50 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 jangojangojango

jangojangojango
  • Topic Starter

  • Members
  • 6 posts

Posted 12 May 2009 - 06:25 PM

Thanks Sam,

I will carry out the requests. I've restarted numerous times and the browser is saying 'proxy server refused connection', so I can't actually get online. Since yesterday I installed Avira antivirus, which has highlighted that I'm infected with TR/Crypt.XPACK.Gen and TR/Crypt.Morphine.Gen.

I've also just run SDFix, which looked like it had found and destroyed 3 trojans... but on startup there they were again. Infuriating, because sometimes it allows me to get on the net and sometimes not.

This is the log created by Malwarebytes a couple of days ago - sorry it's not more up to date - I will repost a newer version the moment I get this thing connected again.

--------------------------------------------------------

Malwarebytes' Anti-Malware 1.36
Database version: 2089
Windows 5.1.2600 Service Pack 2

07/05/2009 23:53:13
mbam-log-2009-05-07 (23-53-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 312703
Time elapsed: 3 hour(s), 7 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dl32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
C:\celkadaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\himtgop.exe (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\ohkbrkoo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\okex.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\pdtivk.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\wwmeoblk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\xmrgycj.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\all things spice\Local Settings\Temp\1989115149.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1450A557-4027-4F57-AFFC-65B5F7AFB22A}\RP1096\A0171504.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1450A557-4027-4F57-AFFC-65B5F7AFB22A}\RP1096\A0172504.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1450A557-4027-4F57-AFFC-65B5F7AFB22A}\RP1096\A0172505.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1450A557-4027-4F57-AFFC-65B5F7AFB22A}\RP1096\A0172506.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1450A557-4027-4F57-AFFC-65B5F7AFB22A}\RP1096\A0173503.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1450A557-4027-4F57-AFFC-65B5F7AFB22A}\RP1096\A0173506.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1450A557-4027-4F57-AFFC-65B5F7AFB22A}\RP1096\A0174545.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1450A557-4027-4F57-AFFC-65B5F7AFB22A}\RP1096\A0173505.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1450A557-4027-4F57-AFFC-65B5F7AFB22A}\RP1096\A0174546.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1450A557-4027-4F57-AFFC-65B5F7AFB22A}\RP1096\A0174547.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1450A557-4027-4F57-AFFC-65B5F7AFB22A}\RP1097\A0176524.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qos.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pp06.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\ld08.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\xnev.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\st_1241466499.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\st_1241479979.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\st_1241484947.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\iwtqujsd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 May 2009 - 02:55 PM

For this next step you will need to disable Spybot's Teatimer or it will interfere with Hijackthis.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - (no file)
O2 - BHO: (no name) - {90a586e8-fe07-41b3-b5d0-547ecb72a0cd} - (no file)
O2 - BHO: (no name) - {915560c0-661c-4b73-a4ff-62a63e64bd52} - (no file)
O2 - BHO: (no name) - {c2ba40a1-74f3-42bd-f434-12345a2c8953} - (no file)



Reboot your computer and your connection should be restored.
Follow the directions in my previous post and then post the logs back here.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
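The entries Sam singled out in post #4 (the ProxyServer/ProxyOverride pair and the BHOs with no file behind them) are the kind of thing a script can pull out of a HijackThis log before a human reads it. The Python below is an added example, not code from this thread, from HijackThis or from BleepingComputer; the heuristics are my own and the sample lines are copied from the log posted in #1. It flags a proxy pointed at the local machine (consistent with the 'proxy server refused connection' error once the local listener is no longer running), orphaned BHO registrations, Run entries that launch a bare name with no path, a populated AppInit_DLLs value, and services whose file is missing or that have no publisher and live in system32. A flag is a prompt to verify, not a verdict: some of these rules will also catch legitimate software.

```python
import re

# Sample input: lines copied from the HijackThis log posted earlier in this
# thread, trimmed to a handful that exercise each heuristic below.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - (no file)
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {c2ba40a1-74f3-42bd-f434-12345a2c8953} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DL32] DL32
O20 - AppInit_DLLs: sysdiag.dll, gaujkn.dll C:\WINDOWS\system32\pubapelu.dll
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Netbios Helper Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\service.exe (file missing)
"""

# "R1 - <body>", "O23 - <body>" and so on; anything else is not a log entry.
LINE_RE = re.compile(r'^([RFO]\d+)\s+-\s+(.*)$')
LOCAL_PROXY_RE = re.compile(r'localhost|127\.0\.0\.1', re.IGNORECASE)
RUN_RE = re.compile(r'\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)')


def parse_line(line):
    """Split a HijackThis entry into (section code, body); None for non-entries."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage_line(line):
    """Return a reason string when an entry matches a heuristic, else None.

    These heuristics are the author's own (not HijackThis rules); each one is a
    reason to look closer, not proof of infection.
    """
    parsed = parse_line(line)
    if parsed is None:
        return None
    section, body = parsed

    if section == 'R1' and 'ProxyServer' in body:
        value = body.split('=', 1)[1].strip()
        if LOCAL_PROXY_RE.search(value):
            return ('proxy points at the local machine (%s): browser traffic is '
                    'being relayed through a local listener' % value)
    if section == 'R1' and 'ProxyOverride' in body:
        return 'proxy override set; review together with the ProxyServer entry'

    if section == 'O2' and body.endswith('(no file)'):
        return 'BHO registered but its DLL is gone: orphaned entry, safe to clear'

    if section == 'O4':
        m = RUN_RE.search(body)
        if m:
            cmd = m.group('cmd').strip().strip('"')
            # A bare token with no directory and no extension is resolved via
            # PATH at logon, which hides where the binary really lives.
            if '\\' not in cmd and '.' not in cmd:
                return ('Run entry launches a bare name with no path or '
                        'extension (%s): verify the binary' % cmd)

    if section == 'O20' and body.startswith('AppInit_DLLs:'):
        dlls = body.split(':', 1)[1].strip()
        if dlls:
            return ('AppInit_DLLs is populated (%s): these load into every '
                    'process that uses user32.dll' % dlls)

    if section == 'O23':
        if body.endswith('(file missing)'):
            return 'service points at a binary that no longer exists'
        if 'Unknown owner' in body and '\\system32\\' in body.lower():
            return 'service with no publisher info living in system32: verify the file'
    return None


def triage(log_text):
    """Run every entry through triage_line; return [(section, line, reason), ...]."""
    hits = []
    for raw in log_text.splitlines():
        reason = triage_line(raw)
        if reason:
            hits.append((parse_line(raw)[0], raw.strip(), reason))
    return hits


if __name__ == '__main__':
    for section, line, reason in triage(SAMPLE_LOG):
        print('%-4s %s\n     -> %s' % (section, line, reason))
```

Run against the sample it reports eight entries and leaves the Google start page, the Java BHO, ctfmon and the LogMeIn service alone. On a real log, feed the whole file to `triage()` and treat each hit as a line to check by hand, as Sam did, rather than something to fix automatically.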

#5 jangojangojango

jangojangojango
  • Topic Starter

  • Members
  • 6 posts

Posted 13 May 2009 - 03:42 PM

Hi Sam, thanks again for your help.

Here's the report from the newly installed version of Malwarebytes, with the OTListIt2 report after it. Between running the 2 reports I did what was asked in the previous post (made changes to the Spybot resident TeaTimer and deleted entries from HijackThis - although I was not able to find "O2 - BHO: (no name) - {c2ba40a1-74f3-42bd-f434-12345a2c8953} - (no file)"... but deleted the other 5 entries).

--------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.36
Database version: 2110
Windows 5.1.2600 Service Pack 2

13/05/2009 21:03:20
mbam-log-2009-05-13 (21-03-20).txt

Scan type: Quick Scan
Objects scanned: 112750
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dl32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ejblcxxu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipbyng.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\wuciqrcdmiqriycw.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\wavunte.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


------------------------------------------------------------------------------

OTListIt2 report:



OTListIt logfile created on: 13/05/2009 21:32:39 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\all things spice\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.47 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 56.05% Memory free
3.48 Gb Paging File | 3.05 Gb Available in Paging File | 87.68% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 22.52 Gb Free Space | 40.30% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 131.25 Gb Total Space | 9.60 Gb Free Space | 7.32% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 58.66 Gb Total Space | 0.67 Gb Free Space | 1.15% Space Free | Partition Type: NTFS

Computer Name: JANSCOMP
Current User Name: all things spice
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/05/06 01:02:14 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2001/08/06 06:41:48 | 00,028,672 | ---- | M] () -- C:\Apps\ActivBoard\nhksrv.exe
PRC - [2003/11/07 22:41:48 | 00,110,592 | ---- | M] () -- C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
PRC - [2005/04/06 15:09:28 | 00,068,608 | ---- | M] () -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2002/08/05 08:00:00 | 00,196,625 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2002/08/05 08:00:00 | 00,176,204 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
PRC - [2002/07/18 22:59:50 | 00,046,080 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
PRC - [2006/01/05 14:15:10 | 00,024,681 | ---- | M] () -- C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
PRC - [2007/11/15 19:46:14 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2007/08/03 16:09:34 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2002/08/05 08:00:00 | 00,200,782 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
PRC - [2002/02/01 18:46:44 | 00,057,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2001/08/18 11:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/02/06 17:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2004/08/04 08:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/06/13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2002/06/19 18:51:12 | 00,192,512 | ---- | M] (Netropa Corp.) -- C:\Apps\ActivBoard\MMKeybd.exe
PRC - [2002/10/15 19:00:20 | 01,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\Mixer.exe
PRC - [2008/03/28 23:37:20 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2004/08/26 23:43:06 | 00,056,320 | ---- | M] (Doug Fetter Software Wizardry) -- C:\WINDOWS\system32\DeltTray.exe
PRC - [2007/08/03 16:09:34 | 00,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2006/11/21 18:38:22 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/01/11 19:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2009/05/06 01:02:15 | 00,516,440 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2007/10/11 20:28:58 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2004/02/03 06:42:54 | 00,401,491 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
PRC - [2008/04/23 17:45:34 | 22,058,792 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2008/09/03 22:27:31 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\all things spice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2002/05/30 13:30:28 | 00,110,592 | ---- | M] () -- C:\Apps\ActivBoard\TrayMon.exe
PRC - [2001/11/14 04:03:12 | 00,090,112 | ---- | M] (Netropa Corp.) -- C:\Apps\ActivBoard\OSD.exe
PRC - [2000/11/15 14:39:54 | 01,613,824 | ---- | M] (Extensis Products Group) -- C:\Program Files\Extensis\Suitcase\Suitcase.exe
PRC - [2007/07/09 04:15:31 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/04/23 17:45:36 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/05/01 22:44:21 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/13 21:31:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\all things spice\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/01/13 00:16:55 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
SRV - [2003/11/07 22:41:48 | 00,110,592 | ---- | M] () -- C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe -- (aliasdocserver [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/04/06 15:09:28 | 00,068,608 | ---- | M] () -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
SRV - [2002/08/05 08:00:00 | 00,196,625 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe -- (AvSynMgr [Auto | Running])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2002/07/18 22:59:50 | 00,046,080 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/07/09 04:15:31 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2009/04/27 19:33:34 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 08:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/05/20 11:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])
SRV - [2009/05/06 01:02:14 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (lavasoft ad-aware service [Auto | Running])
SRV - [2005/06/16 04:21:31 | 00,068,608 | ---- | M] () -- C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe -- (License Management Service ESD [Disabled | Stopped])
SRV - [2007/11/15 19:46:14 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2007/08/03 16:09:34 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2002/08/05 14:53:50 | 00,237,663 | ---- | M] () -- C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe -- (McShield [Disabled | Stopped])
SRV - [2004/08/04 08:56:57 | 00,013,312 | ---- | M] () -- C:\WINDOWS\system32\altsvc.exe -- (Netbios Helper Service [Auto | Stopped])
SRV - File not found -- -- (NETDDEC [Auto | Stopped])
SRV - [2001/08/06 06:41:48 | 00,028,672 | ---- | M] () -- C:\Apps\ActivBoard\nhksrv.exe -- (nhksrv [Auto | Running])
SRV - [2002/02/01 18:46:44 | 00,057,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
SRV - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Disabled | Stopped])
SRV - [2007/02/08 16:13:46 | 00,212,480 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2001/11/29 16:09:28 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe -- (SLService [Auto | Stopped])
SRV - File not found -- -- (Ss_elauqi [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 07:10:10 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2003/09/05 06:58:24 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
DRV - [2003/10/27 18:49:30 | 00,070,624 | R--- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2004/08/04 07:07:42 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2004/08/04 06:59:42 | 00,095,360 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi [Boot | Running])
DRV - [2004/08/04 07:10:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2003/06/23 03:49:00 | 00,300,928 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Stopped])
DRV - [2002/07/18 22:59:50 | 00,057,968 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla [On_Demand | Stopped])
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2002/11/18 16:51:40 | 00,377,358 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci [On_Demand | Stopped])
DRV - [2001/08/17 13:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Stopped])
DRV - [2004/03/12 22:41:28 | 00,156,800 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d346bus.sys -- (d346bus [Boot | Running])
DRV - [2004/03/12 22:41:42 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d346prt.sys -- (d346prt [Boot | Running])
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2005/10/06 14:31:54 | 00,292,992 | ---- | M] (Midiman/M-Audio) -- C:\WINDOWS\system32\DRIVERS\delta.sys -- (DELTA [On_Demand | Running])
DRV - [1998/07/10 05:31:00 | 00,007,328 | ---- | M] () -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D [Auto | Running])
DRV - [2001/08/17 13:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Stopped])
DRV - [2001/08/17 13:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Stopped])
DRV - [2004/08/04 07:08:21 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2004/09/14 15:38:26 | 00,013,872 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/01/05 14:20:19 | 00,453,632 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock [Auto | Running])
DRV - [2006/01/05 14:20:18 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
DRV - [2001/08/17 13:52:24 | 00,038,144 | ---- | M] (HighPoint Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx [Boot | Running])
DRV - [2006/04/13 01:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006/04/13 01:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006/04/13 01:04:39 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/12/12 05:38:24 | 00,162,432 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\ithsgt.sys -- (ithsgt [Auto | Running])
DRV - [2002/01/28 02:43:00 | 00,050,994 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys -- (l8042pr2 [On_Demand | Stopped])
DRV - [2009/05/06 01:02:30 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (lbd [Boot | Running])
DRV - [2002/01/28 02:43:00 | 00,022,210 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys -- (LHidFlt2 [On_Demand | Stopped])
DRV - [2002/01/28 02:43:00 | 00,039,936 | ---- | M] (Logitech) -- C:\WINDOWS\system32\drivers\LHidUsb.Sys -- (LHidUsb [On_Demand | Stopped])
DRV - [2005/12/12 05:38:24 | 00,012,032 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\lilsgt.sys -- (lilsgt [Auto | Running])
DRV - [2002/01/28 02:43:00 | 00,005,842 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys -- (LKbdFlt2 [On_Demand | Running])
DRV - [2007/08/03 16:09:34 | 00,012,992 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo [Auto | Running])
DRV - [2007/08/03 16:04:52 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMImirr.sys -- (LMImirr [On_Demand | Running])
DRV - [2007/11/15 19:46:40 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP [Disabled | Stopped])
DRV - [2007/08/03 16:09:34 | 00,046,112 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver [Auto | Running])
DRV - [2002/01/28 02:43:00 | 00,067,698 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys -- (LMouFlt2 [On_Demand | Running])
DRV - [2003/03/13 22:23:28 | 00,019,712 | R--- | M] (Maxtor Corp.) -- C:\WINDOWS\system32\DRIVERS\mxofwfp.sys -- (MaxtorFrontPanel1 [On_Demand | Stopped])
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2004/08/04 07:09:58 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2001/12/20 09:02:12 | 00,006,656 | ---- | M] (Netropa Corporation) -- C:\WINDOWS\System32\DRIVERS\msikbd2k.sys -- (msikbd2k [System | Running])
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Stopped])
DRV - [2001/11/29 16:09:14 | 00,172,708 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Stopped])
DRV - [2001/11/29 16:09:18 | 02,383,460 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
DRV - [2001/08/17 13:22:06 | 00,023,296 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\NaiFiltr.sys -- (NaiFiltr [On_Demand | Stopped])
DRV - [2007/02/22 10:15:56 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2007/02/22 10:15:14 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2007/02/22 10:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand | Stopped])
DRV - [2007/02/22 10:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand | Stopped])
DRV - [2001/11/29 16:09:20 | 00,607,732 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys -- (NtMtlFax [On_Demand | Stopped])
DRV - [2002/02/01 18:46:44 | 00,877,357 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/04/29 13:53:00 | 00,028,288 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax [On_Demand | Stopped])
DRV - [2002/01/13 07:44:00 | 00,096,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENET.sys -- (NVENET [On_Demand | Running])
DRV - [2002/04/29 13:53:00 | 00,010,240 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvmpu401.sys -- (nvmpu401 [On_Demand | Running])
DRV - [2002/04/29 13:53:00 | 00,212,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce [On_Demand | Stopped])
DRV - [2001/11/20 19:20:00 | 00,013,502 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running])
DRV - [2003/08/11 11:07:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2001/08/18 11:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/08/25 04:47:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2005/10/16 02:15:41 | 00,027,171 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/06/21 22:39:02 | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel [Auto | Running])
DRV - [2001/08/17 13:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Stopped])
DRV - [2004/08/04 07:07:42 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2001/12/31 16:19:28 | 00,390,016 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\slntamr.sys -- (Slntamr [On_Demand | Stopped])
DRV - [2001/11/29 16:09:26 | 00,175,160 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Slnthal.sys -- (SlNtHal [On_Demand | Stopped])
DRV - [2001/11/29 16:09:28 | 00,033,028 | ---- | M] (Vireo Software) -- C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys -- (SlWdmSup [On_Demand | Stopped])
DRV - [2001/06/21 22:39:02 | 00,020,032 | R--- | M] (Rainbow Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS -- (Sntnlusb [On_Demand | Stopped])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2002/12/05 01:25:29 | 00,015,740 | R--- | M] (MIDIMAN) -- C:\WINDOWS\system32\drivers\uks11ldr.sys -- (UKS11LDR [On_Demand | Stopped])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2004/08/04 06:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2002/12/05 01:25:29 | 00,023,392 | R--- | M] (Doug Fetter Software Wizardry) -- C:\WINDOWS\system32\drivers\usbks1x1.sys -- (USBKS1X1 [On_Demand | Stopped])
DRV - [2002/12/05 01:25:29 | 00,005,664 | R--- | M] (Doug Fetter Software Wizardry) -- C:\WINDOWS\system32\drivers\usbmidim.sys -- (USBMIDIM [On_Demand | Stopped])
DRV - [2004/08/04 07:04:32 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2001/11/29 16:09:32 | 01,432,836 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\v90drv.sys -- (V90drv [On_Demand | Stopped])
DRV - [2003/12/22 02:28:20 | 00,104,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


IE - HKU\.default\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-18\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-19\s-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-20\s-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005\s-1-5-21-2210740495-2536451121-3566534856-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}:0.3.7
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.26
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/01 22:44:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/01 22:44:30 | 00,000,000 | ---D | M]

[2008/08/27 20:49:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all things spice\Application Data\mozilla\Extensions
[2008/08/27 20:49:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all things spice\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/07 19:24:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all things spice\Application Data\mozilla\Firefox\Profiles\rp2z5lnu.default\extensions
[2008/01/07 20:10:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all things spice\Application Data\mozilla\Firefox\Profiles\rp2z5lnu.default\extensions\{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}
[2008/11/09 18:00:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all things spice\Application Data\mozilla\Firefox\Profiles\rp2z5lnu.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/05/27 14:51:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all things spice\Application Data\mozilla\Firefox\Profiles\rp2z5lnu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2008/10/02 21:22:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all things spice\Application Data\mozilla\Firefox\Profiles\rp2z5lnu.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2009/05/11 19:50:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/01 22:44:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2006/06/23 17:24:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\stumbleupondefault@outraged-artists.com
[2009/05/01 22:44:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/01 22:44:21 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/03 23:39:25 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/03 23:39:25 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/03 23:39:25 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/18 00:53:48 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/03 23:39:25 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/03 23:39:25 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/03 23:39:25 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (Network Associates, Inc.)
O3 - HKU\.default\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\s-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe (Netropa Corp.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [C-Media Mixer] Mixer.exe /startup (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [DeltTray] DeltTray.exe (Doug Fetter Software Wizardry)
O4 - HKLM..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" (LogMeIn, Inc.)
O4 - HKLM..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe (Doug Fetter Software Wizardry)
O4 - HKLM..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup ()
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions File not found
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon (THOMSON)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (Adobe Systems Incorporated)
O4 - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005..\Run: [Google Update] "C:\Documents and Settings\all things spice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (Microsoft Corporation)
O4 - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\all things spice\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\all things spice\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Suitcase Startup.lnk = C:\Program Files\Extensis\Suitcase\Suitcase.exe (Extensis Products Group)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.default\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19_classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\s-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-20_classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005_classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.default\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-19\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-20\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-21-2210740495-2536451121-3566534856-1005\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.real.com/0512d8eb1556af...ip/RdxIE601.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (sysdiag.dll) - C:\WINDOWS\system32\sysdiag.dll ()
O20 - AppInit_DLLs: (gaujkn.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\pubapelu.dll) - C:\WINDOWS\system32\pubapelu.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6bf130fb-5683-11dd-82d5-001cdf58c7bb}\Shell\Auto\command - "" = G:\infrom.exe -- File not found
O33 - MountPoints2\{6bf130fb-5683-11dd-82d5-001cdf58c7bb}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/05/13 21:31:39 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\all things spice\Desktop\OTListIt2.exe
[2009/05/13 21:19:32 | 00,026,732 | ---- | C] () -- C:\WINDOWS\System32\AAWService_2009_05_13_21_19_32.dmp
[2009/05/13 20:52:11 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/13 20:52:11 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/13 20:52:09 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/13 20:52:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/12 22:48:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all things spice\Application Data\WinRAR
[2009/05/12 22:33:55 | 15,765,70880 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/12 22:08:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\erunt
[2009/05/12 22:02:11 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/05/12 21:20:59 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\all things spice\Desktop\SDFix.exe
[2009/05/12 20:53:40 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/05/12 20:51:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/12 20:49:40 | 00,000,770 | ---- | C] () -- C:\Documents and Settings\all things spice\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/12 20:49:23 | 00,000,614 | ---- | C] () -- C:\Documents and Settings\all things spice\Desktop\NTREGOPT.lnk
[2009/05/12 20:49:23 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/11 19:37:48 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/05/11 19:37:48 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/05/07 20:02:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/07 20:01:39 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\all things spice\Desktop\HJTInstall.exe
[2009/05/06 02:21:14 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/06 01:03:15 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/06 01:02:52 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/06 01:01:07 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/06 01:00:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/06 00:25:56 | 00,002,726 | ---- | C] () -- C:\Documents and Settings\all things spice\Desktop\FAPTurbo_review)))).html
[2009/05/04 22:59:59 | 11,418,9120 | ---- | C] () -- C:\Documents and Settings\all things spice\Desktop\Wignap 1st Birthday Mix - Allied Manoeuvres (03.05.2009).mp3
[2009/05/04 20:00:25 | 00,116,476 | ---- | C] () -- C:\WINDOWS\System32\drivers\7b21311e.sys
[2009/05/04 19:52:25 | 00,116,476 | ---- | C] () -- C:\WINDOWS\System32\drivers\fcc1a489.sys
[2009/05/04 19:42:51 | 00,000,110 | ---- | C] () -- C:\xcrashdump.dat
[2009/05/04 19:27:32 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/05/04 19:27:13 | 00,116,476 | ---- | C] () -- C:\WINDOWS\System32\drivers\9a9eecb0.sys
[2009/04/30 23:06:30 | 17,444,352 | ---- | C] () -- C:\Documents and Settings\all things spice\Desktop\adwords_editor_en-US.msi
[2009/04/19 00:10:35 | 73,256,7552 | ---- | C] () -- C:\Documents and Settings\all things spice\Desktop\Lucky Number Slevin.avi
[2009/04/16 00:20:00 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 00:19:59 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 00:19:59 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 00:19:59 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 00:19:59 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 00:19:59 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/16 00:19:59 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/16 00:19:58 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 00:19:58 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 00:19:57 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 00:18:53 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2008/02/12 20:36:55 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\4E1A339A92.sys
[2007/11/19 20:31:08 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/07/17 23:39:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/07/09 04:43:52 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/06/30 06:05:48 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/06/10 22:12:41 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/08 15:18:02 | 00,007,920 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/03/14 00:37:29 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/01/05 14:20:18 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2006/01/05 14:20:05 | 00,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2005/12/12 05:38:24 | 00,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys
[2005/12/12 05:38:24 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
[2005/10/19 23:16:36 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\Hyperman.dll
[2005/09/03 10:35:14 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005/09/03 10:35:14 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005/09/03 10:35:14 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005/09/03 10:35:14 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/09/03 10:35:14 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2005/08/18 08:40:51 | 00,002,476 | ---- | C] () -- C:\WINDOWS\System32\ms32.dll
[2005/06/16 02:36:43 | 00,510,976 | ---- | C] () -- C:\WINDOWS\System32\synsoacc.dll
[2005/04/28 03:49:07 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\wkzon32.dll
[2005/04/28 02:27:12 | 16,379,904 | ---- | C] () -- C:\WINDOWS\System32\AbsynthIAC.dll
[2005/04/20 19:49:50 | 00,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2005/04/20 19:49:50 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys
[2005/03/04 00:13:54 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\Funckey.dll
[2005/03/04 00:13:54 | 00,003,181 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2005/02/25 22:42:06 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/10 20:21:09 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/01/10 20:19:53 | 00,002,724 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/01/10 20:19:53 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\DCE80FFE76.sys
[2005/01/06 15:05:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/29 17:33:04 | 00,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2004/10/15 10:43:12 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2004/10/10 20:07:20 | 00,015,062 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/09/01 16:49:17 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/31 01:05:30 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/08/23 01:15:36 | 00,005,607 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2004/08/23 00:57:02 | 00,000,041 | ---- | C] () -- C:\WINDOWS\msiosd.ini
[2004/08/23 00:57:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/23 00:52:36 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2004/08/23 00:47:20 | 00,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2004/08/23 00:47:20 | 00,000,443 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2004/06/06 12:53:42 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/06/05 12:56:16 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/03/15 19:28:50 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2002/10/06 19:42:57 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/05 00:04:25 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/05 00:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/05 00:04:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/08/27 13:37:06 | 00,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2002/08/27 12:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/08/27 11:44:02 | 00,000,970 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/27 11:43:57 | 00,003,817 | ---- | C] () -- C:\WINDOWS\System32\serv-u.ini
[2002/08/27 11:43:57 | 00,002,553 | ---- | C] () -- C:\WINDOWS\System32\tcp.dll
[2002/08/27 11:43:57 | 00,000,971 | ---- | C] () -- C:\WINDOWS\System32\drivers\mschk.dll
[2002/08/27 11:43:57 | 00,000,259 | ---- | C] () -- C:\WINDOWS\System32\mgtpsvc.dll
[2002/08/27 11:43:57 | 00,000,259 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/08/27 11:43:35 | 00,062,464 | ---- | C] () -- C:\WINDOWS\System32\winntlog_uni.dll
[2002/08/27 11:43:35 | 00,062,464 | ---- | C] () -- C:\WINDOWS\System32\winntcmd_2_0.dll
[2002/08/27 11:43:35 | 00,062,464 | ---- | C] () -- C:\WINDOWS\System32\dxvars.dll
[2002/08/27 11:43:35 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\ipcmd.dll
[2002/08/27 11:43:35 | 00,012,800 | ---- | C] () -- C:\WINDOWS\System32\sysdiag.dll
[2002/08/12 20:05:48 | 00,000,199 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/05/24 01:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 01:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/09/17 12:00:00 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\tsseCryp.dll
[2001/08/31 15:33:58 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/17 13:22:06 | 00,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\NaiFiltr.sys
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1980/01/01 00:00:00 | 02,383,460 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[1980/01/01 00:00:00 | 01,432,836 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\v90drv.sys
[1980/01/01 00:00:00 | 00,607,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[1980/01/01 00:00:00 | 00,390,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\slntamr.sys
[1980/01/01 00:00:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[1980/01/01 00:00:00 | 00,175,160 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[1980/01/01 00:00:00 | 00,172,708 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[1980/01/01 00:00:00 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\nvwrsja.dll
[1980/01/01 00:00:00 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\nvwrsko.dll
[1980/01/01 00:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvwrszht.dll
[1980/01/01 00:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvwrszhc.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/13 21:34:19 | 00,116,476 | ---- | M] () -- C:\WINDOWS\System32\drivers\9a9eecb0.sys
[2009/05/13 21:31:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\all things spice\Desktop\OTListIt2.exe
[2009/05/13 21:28:01 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/13 21:27:58 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\all things spice\Local Settings\desktop.ini
[2009/05/13 21:21:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/13 21:21:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 21:21:38 | 15,765,70880 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/13 21:19:34 | 00,026,732 | ---- | M] () -- C:\WINDOWS\System32\AAWService_2009_05_13_21_19_32.dmp
[2009/05/13 21:04:19 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\vwyocexq.job
[2009/05/13 20:52:11 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/13 20:11:11 | 00,000,968 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2210740495-2536451121-3566534856-1005.job
[2009/05/13 19:33:24 | 00,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{48DE24F8-5070-4A1D-B8BD-559D2E6BFBE3}.job
[2009/05/13 01:02:02 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/12 22:23:30 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/05/12 21:21:20 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\all things spice\Desktop\SDFix.exe
[2009/05/12 20:49:40 | 00,000,770 | ---- | M] () -- C:\Documents and Settings\all things spice\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/12 20:49:23 | 00,000,614 | ---- | M] () -- C:\Documents and Settings\all things spice\Desktop\NTREGOPT.lnk
[2009/05/11 21:26:48 | 00,002,328 | ---- | M] () -- C:\Documents and Settings\all things spice\Desktop\Google Chrome.lnk
[2009/05/11 19:37:48 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/11 19:37:48 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/05/07 20:02:06 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\all things spice\Desktop\HJTInstall.exe
[2009/05/07 19:11:28 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/07 19:11:28 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/07 19:11:27 | 00,458,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/06 21:41:35 | 00,000,041 | ---- | M] () -- C:\WINDOWS\msiosd.ini
[2009/05/06 01:02:43 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/06 01:02:30 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/06 00:25:56 | 00,002,726 | ---- | M] () -- C:\Documents and Settings\all things spice\Desktop\FAPTurbo_review)))).html
[2009/05/04 23:30:06 | 11,418,9120 | ---- | M] () -- C:\Documents and Settings\all things spice\Desktop\Wignap 1st Birthday Mix - Allied Manoeuvres (03.05.2009).mp3
[2009/05/04 20:23:03 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\guziwahu
[2009/05/04 20:00:25 | 00,116,476 | ---- | M] () -- C:\WINDOWS\System32\drivers\7b21311e.sys
[2009/05/04 19:52:43 | 00,116,476 | ---- | M] () -- C:\WINDOWS\System32\drivers\fcc1a489.sys
[2009/05/04 19:43:48 | 00,000,110 | ---- | M] () -- C:\xcrashdump.dat
[2009/05/04 19:27:32 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/05/04 19:27:32 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/05/04 19:26:06 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\System32\vubulaku.exe
[2009/04/30 23:08:01 | 17,444,352 | ---- | M] () -- C:\Documents and Settings\all things spice\Desktop\adwords_editor_en-US.msi
[2009/04/16 22:27:28 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >

#6 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 May 2009 - 03:49 PM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 jangojangojango (Topic Starter)

Posted 13 May 2009 - 05:32 PM

Installed and ran ComboFix.

I didn't get ANY of those boxes; it went straight to an 'msdos' style window, ran the program and then rebooted as it said it would. All good.

On restart a window opened saying it was completing processes. It requested not to start any programs, but I can't seem to get rid of the Adobe CS3 autoupdater; the first time this seemed to crash it and it auto-restarted. The second time (after attempting to switch this autoupdater feature off) it hung on the same msdos style window, saying it was generating the log report. I've just switched it off after about 45 mins on the same.

There's no C:\ComboFix.txt - there IS a folder in there named combofix with loads of files but no file called combofix.txt inside that folder. Should I run again?

#8 jangojangojango (Topic Starter)

Posted 13 May 2009 - 06:01 PM

After I disabled ALL startup progs it seemed to have finally coughed up a log file :)
(I still didn't get any of those prompts you mentioned in your last post.)

ComboFix 09-05-13.01 - all things spice 13/05/2009 23:44.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1503.930 [GMT 1:00]
Running from: c:\documents and settings\all things spice\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\all things spice\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\7b21311e.sys
c:\windows\system32\drivers\9a9eecb0.sys
c:\windows\system32\drivers\fcc1a489.sys
c:\windows\system32\ms32.dll
c:\windows\system32\vubulaku.exe
C:\xcrashdump.dat
q:\recycler\desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETBIOS_HELPER_SERVICE
-------\Legacy_NETDDEC
-------\Service_Netbios Helper Service
-------\Service_NETDDEC
-------\Service_9a9eecb0


((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.

2009-05-13 19:52 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-13 19:52 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-13 19:52 . 2009-05-13 19:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-12 21:08 . 2009-05-12 21:08 -------- d-----w c:\windows\erunt
2009-05-12 21:02 . 2009-05-12 22:24 -------- d-----w C:\SDFix
2009-05-12 19:53 . 2009-03-24 15:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-12 19:49 . 2009-05-12 19:49 -------- d-----w c:\program files\ERUNT
2009-05-07 19:02 . 2009-05-07 19:02 -------- d-----w c:\program files\Trend Micro
2009-05-06 01:21 . 2009-05-06 00:02 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-06 00:02 . 2009-05-06 00:02 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-06 00:01 . 2009-05-06 00:01 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-06 00:00 . 2009-05-06 00:00 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-04 19:06 . 2009-05-04 19:06 -------- d-----w c:\documents and settings\Kristiana\Application Data\Malwarebytes
2009-05-04 19:05 . 2009-05-04 19:05 -------- d-----w c:\documents and settings\Kristiana\Application Data\PC Suite
2009-05-04 19:05 . 2009-05-04 19:05 -------- d-----w c:\documents and settings\Kristiana\Application Data\Nokia
2009-04-15 23:20 . 2009-03-06 14:44 283648 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 23:19 . 2005-07-26 04:39 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-15 23:19 . 2009-02-06 16:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 23:19 . 2009-02-09 10:20 399360 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 23:19 . 2009-02-06 17:14 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 23:19 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 23:19 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 23:19 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 23:19 . 2009-02-09 10:20 616960 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 23:19 . 2009-02-09 10:20 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 23:18 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 20:56 . 2002-08-27 10:43 182912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-05-06 00:00 . 2004-10-07 22:59 -------- d-----w c:\program files\Lavasoft
2009-05-04 20:45 . 2006-01-08 05:35 -------- d-----w c:\program files\Sony Ericsson
2009-05-04 20:45 . 2007-07-17 22:24 -------- d-----w c:\program files\Common Files\Teleca Shared
2009-05-04 19:36 . 2005-02-13 15:36 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-30 22:09 . 2004-09-05 14:52 -------- d-----w c:\program files\Google
2009-04-07 23:25 . 2009-04-07 21:54 -------- d-----w c:\program files\Interbank FX Trader 4
2009-04-07 22:07 . 2009-04-07 22:07 -------- d-----w c:\program files\FapTurbo
2009-03-21 14:18 . 2002-08-27 10:43 62464 ----a-w c:\windows\system32\winntlog_uni.dll
2009-03-21 14:18 . 2002-08-27 10:43 62464 ----a-w c:\windows\system32\winntcmd_2_0.dll
2009-03-21 14:18 . 2002-08-27 10:43 62464 ----a-w c:\windows\system32\dxvars.dll
2009-03-21 14:18 . 2002-08-27 10:43 57856 ----a-w c:\windows\system32\ipcmd.dll
2009-03-21 14:18 . 2002-08-27 10:43 12800 ----a-w c:\windows\system32\sysdiag.dll
2009-03-06 14:44 . 2002-08-27 10:43 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-01-08 15:23 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
2005-07-29 00:57 . 2005-07-29 00:57 3024 ----a-w c:\program files\Absynth 1.3 prefs.ini
2008-02-12 19:36 . 2008-02-12 19:36 8 --sh--r c:\windows\system32\4E1A339A92.sys
2005-01-10 19:19 . 2005-01-10 19:19 56 --sh--r c:\windows\system32\DCE80FFE76.sys
2008-02-12 19:49 . 2005-01-10 19:19 2724 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-11 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"Google Update"="c:\documents and settings\all things spice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"EM_EXEC"="c:\progra~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 35328]
"ACTIVBOARD"="c:\apps\ActivBoard\MMKeybd.exe" [2002-06-19 192512]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 878080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"M-Audio Delta Taskbar Icon"="c:\windows\System32\DeltTray.exe" [2004-08-26 56320]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 3096576]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-06 516440]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-02-01 303104]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]
"DeltTray"="DeltTray.exe" - c:\windows\system32\delttray.exe [2004-08-26 56320]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\all things spice\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-8-23 110592]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Suitcase Startup.lnk - c:\program files\Extensis\Suitcase\Suitcase.exe [2006-8-12 1613824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sysdiag.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"aux"= ctwdm32.dll
"aux1"= ctwdm32.dll
"Midi1"= usbkt1x1.dll
"midi3"= usbkt1x1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\3dsmax7\\3dsmax.exe"=
"c:\\Program Files\\backburner 2\\monitor.exe"=
"c:\\Program Files\\backburner 2\\manager.exe"=
"c:\\Program Files\\backburner 2\\server.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP Home\\wsftpgui.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Zattoo\\zattood.exe"=
"c:\\Program Files\\Zattoo\\Zattoo1.exe"=
"c:\\Program Files\\Zattoo\\Zattoo2.exe"=
"<NO NAME>"= c:\\wavunte.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [20/04/2005 19:49 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [20/04/2005 19:49 5248]
R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [06/05/2009 01:02 64160]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [23/08/2004 00:52 6656]
R2 aliasdocserver;Alias Documentation Server;c:\program files\Alias\Maya6.0\docs\Wrapper.exe [05/01/2006 14:15 110592]
R2 AvSynMgr;AVSync Manager;c:\program files\McAfee\McAfee VirusScan\Avsynmgr.exe [05/08/2002 08:00 196625]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 953168]
R2 nhksrv;Netropa NHK Server;c:\apps\ActivBoard\nhksrv.exe [23/08/2004 00:52 28672]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [17/08/2001 13:22 23296]
S3 Ss_elauqi;Ss_elauqi; [x]
S3 UKS11LDR;Midiman USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [09/06/2005 12:20 15740]
S3 USBKS1X1;Midiman USB Keystation USB Driver;c:\windows\system32\drivers\usbks1x1.sys [09/06/2005 00:29 23392]
S3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;c:\windows\system32\drivers\usbmidim.sys [09/06/2005 00:31 5664]
S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [01/01/1980 1432836]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:02]

2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2210740495-2536451121-3566534856-1005.job
- c:\documents and settings\all things spice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 21:27]

2009-05-13 c:\windows\Tasks\User_Feed_Synchronization-{48DE24F8-5070-4A1D-B8BD-559D2E6BFBE3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: c:\windows\system32\CSLSP.DLL
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\all things spice\Application Data\Mozilla\Firefox\Profiles\rp2z5lnu.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all things spice\Application Data\Mozilla\Firefox\Profiles\rp2z5lnu.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
FF - plugin: c:\documents and settings\all things spice\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.

**************************************************************************

File "c:\windows" added successfully
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 23:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{118600C1-E06C-ABA1-A888AB723E33B02B}\{E318BB0E-605A-21B6-FB8DB7AF590D8446}\{BCA1AEF5-4FB2-0965-288B69F3AC878E97}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61A3D62A-E669-8B2B-95B7C505631D6590}\{1D71893B-0DD3-8FF9-31AA9E7B284EB027}\{CF9E2073-5E5A-1B13-96346A906352FBBE}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6394A16B-F803-48C7-678A5F5C0D5AF33B}\{084FA269-25E9-EAF9-79282C5961DBAAF7}\{1F365BB6-4338-38B7-EE9F8ECE49C04569}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B3455F64-548B-0908-FFB42C4F669AFFD9}\{E04CBF2B-DDF8-6F36-F86E7B68B327A5A0}\{8F880586-6EB1-6C7E-395499CAC607AA84}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EAE54BA3-56A0-7636-9D760FE75B19E95C}\{32AED356-A62E-B541-0C1631C471EC4552}\{622BCC28-1320-8061-75578A77CF92A31A}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EEC79885-4786-49D7-ED36B6E7637E50FF}\{25B171C9-78C7-18E7-FBBA7E6592C7CB70}\{6B8ADD0A-85A7-C5B5-191A2895BD30C6E1}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\CSLSP.DLL

- - - - - - - > 'explorer.exe'(2936)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-13 23:56
ComboFix-quarantined-files.txt 2009-05-13 22:55

Pre-Run: 24,079,151,104 bytes free
Post-Run: 24,060,641,280 bytes free

271 --- E O F --- 2009-04-16 21:27
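Reading a ComboFix or OTL report for hijack indicators, as an added example that is not part of this thread or of ComboFix itself: a small Python triage script that flags the kinds of entries that stand out in the log above (a Firefox profile pointed at a proxy on localhost, an AppInit_DLLs entry, a Winsock LSP, random-named drivers, a hidden System32 executable, and a nameless firewall exception for an executable in the drive root). The rule names and the sample lines are constructed for the example; the values in them are copied from the posted logs.

```python
"""Triage ComboFix/OTL-style report lines for browser-hijack indicators.

Added example, not part of the original thread or of ComboFix. The rule set
encodes the kinds of entries a helper looks for in such a report; the sample
lines at the bottom are constructed from values visible in the posted logs.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Finding:
    rule: str      # short rule name, constructed for this example
    evidence: str  # the captured path, DLL or host:port


# (rule name, pattern); group 1 of each pattern is the evidence to report.
LINE_RULES = [
    # AppInit_DLLs: the named DLL is loaded into every process that maps user32.dll.
    ("appinit-dll", re.compile(r'^"AppInit_DLLs"=(\S+)$', re.I)),
    # A Winsock Layered Service Provider sits in the socket path of every
    # networking process (the report shows the same DLL loaded inside lsass.exe).
    ("winsock-lsp", re.compile(r"^LSP: (.+)$", re.I)),
    # Driver whose base name is exactly eight hex digits, the naming style of
    # the three drivers ComboFix deleted on its previous run.
    ("random-hex-driver", re.compile(r"\\drivers\\([0-9a-f]{8}\.sys)$", re.I)),
    # Firewall "authorized application" with no display name pointing at an
    # executable in the drive root (the registry export doubles backslashes).
    ("firewall-root-exe",
     re.compile(r'^"<NO NAME>"=\s*([a-z]:\\\\[^\\]+\.exe)$', re.I)),
    # OTL attribute column "-HS-": hidden + system executable under System32.
    ("hidden-system32-exe",
     re.compile(r"\|\s*-HS-\s*\|.*\\System32\\([^\\]+\.exe)$", re.I)),
]

# Firefox proxy prefs arrive on separate lines; they are collected and flagged
# together when the profile is pointed at a proxy on the local machine, where a
# resident process can rewrite every page it relays.
FF_PREF = re.compile(
    r"^FF - prefs\.js: network\.proxy\.(http|http_port|type) - (\S+)$", re.I)
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per suspicious line, plus one for a local proxy setup."""
    findings: List[Finding] = []
    proxy: Dict[str, str] = {}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        pref = FF_PREF.match(line)
        if pref:
            proxy[pref.group(1).lower()] = pref.group(2)
            continue
        for rule, pattern in LINE_RULES:
            m = pattern.search(line)
            if m:
                findings.append(Finding(rule, m.group(1)))
                break  # first matching rule wins for a given line
    if proxy.get("http", "").lower() in LOCAL_HOSTS:
        findings.append(Finding("firefox-local-proxy",
                                f"{proxy['http']}:{proxy.get('http_port', '?')}"))
    return findings


# Constructed sample: a mix of entries copied from the thread's logs and
# benign lines (ndis.sys, Skype, the Firefox firewall rule) that must not fire.
SAMPLE_LOG = r"""
[2009/05/04 19:26:06 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\System32\vubulaku.exe
[2009/05/04 19:52:43 | 00,116,476 | ---- | M] () -- C:\WINDOWS\System32\drivers\fcc1a489.sys
[2009/05/04 19:27:32 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
c:\windows\system32\drivers\7b21311e.sys
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"AppInit_DLLs"=sysdiag.dll
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"<NO NAME>"= c:\\wavunte.exe
LSP: c:\windows\system32\CSLSP.DLL
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
""".splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:22} {f.evidence}")
```

Each finding is a lead to confirm by hand, not a verdict; the same rules run over a clean report (a legitimate proxy host, a vendor-named driver) should return nothing.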

#9 Buckeye_Sam (Malware Expert)

Posted 14 May 2009 - 10:07 AM

This is why you didn't get those prompts.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



How is your computer behaving now?

========================================================

#10 jangojangojango (Topic Starter)

Posted 14 May 2009 - 05:56 PM

Sam,

you're the man.

It looks like on first inspection I'm clear of malware - actually second and third, I've rebooted a few times now... Thank you so much!

It's great to see my internet connection reacting like it should do, i.e. only when I ask it to, as opposed to mentalling out the second it felt the presence of the web.

I may - touch wood - be fixed... are there any programs you'd suggest I install and run 24/7 to stay away from hacks like the ones I've recently encountered?

Thanks again,
J

#11 Buckeye_Sam (Malware Expert)

Posted 15 May 2009 - 09:05 AM

Sounds good! :)
Let's clean up and then I'll post some final steps for you.


First run OTListIt and click on the CleanUp button.
Reboot your computer when prompted.


=============


Run an online scan at Secunia Online Software Inspector
  • Click on the red button at the bottom of the screen that says Start Scanner.
  • Follow the prompts to install the scanning software.
  • Do not check the box for Enable thorough system inspection
  • Click the Start button.
  • The program will scan your system and identify insecure versions of software and missing security updates.
  • Using the links provided in the scan, download and install any current and secure versions that are needed.


============



We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.



========================================================

#12 Buckeye_Sam (Malware Expert)

Posted 29 May 2009 - 12:27 PM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



